You may have heard about ransomware attacks in the last few months. These are attacks that seize control of your machine or your data and demand a ransom to remove the virus. Back in the 90’s, these attacks were less common but demanded large quantities of money and would target large organizations, governments and critical infrastructure suppliers.
More recently, the criminals involved in ransomware attacks have realized that demanding small payments and targeting individual users can be more fruitful, and arguably is less likely to raise enough interest to warrant a law-enforcement counter-attack.
According to a report published by security specialist NowSecure, a vulnerability in the Swift keyboard software, pre-installed on Samsung devices, can allow a remote attacker to execute code on the user's phone as well as access functions like the microphone and camera.
Worse still, there's no way to uninstall Swift and the flaw can be exploited even if you don't use the app. It affects leading Samsung smartphone models from the Galaxy S4 to the S6.
You might think that today's scammers spend most of their effort on the Internet, but a new report by call center authentication specialist Pindrop Security reveals that phone fraud is still big business.
More than 86.2 million calls per month to US consumers are down to scammers, and 36 million of those calls can be traced to one of the 25 most common phone scams. It also finds a 30 percent rise in enterprise attacks.
So, the unthinkable has happened for millions of LastPass customers worldwide: LastPass’s servers have been hacked, and user data stolen. The good news -- if it could be said to be good -- is that your passwords are almost certainly safe… For now.
Doing nothing shouldn’t be seen as an option, so what can you do to ensure your LastPass account remains as tightly sealed as can be?
A lot of people trust LastPass to keep their passwords safe, which is why news that the company has been hacked and its user data compromised is seriously worrying.
LastPass discovered and blocked some suspicious activity on its network last Friday and immediately launched an investigation. Today it reports its findings, and they're very concerning indeed.
In a post-Edward Snowden world, privacy and security are huge concerns. While many people call him a traitor to his country, many others -- myself included -- consider him a hero. Snowden shone a light on government programs that were arguably illegal and unconstitutional. The ultimate win from his actions is that people who were ignorant of privacy issues before are now interested in them. He planted a seed of curiosity and concern.
As a result of this new interest in privacy, many companies have been reacting to show customers that they are safe and secure. One of the most vocal of these companies is Microsoft. Today, the company announces that it will soon start encrypting all Bing web searches. Whoa. This is huge.
Another day, another media story about a public sector data breach. Whether it’s a filing cabinet containing confidential prison documents unwittingly sold at auction, private employee data accidentally posted online, or papers sent to the wrong person by mistake, invariably, the end result is that the media has a field day and the Information Commissioner issues yet another reprimand or fine.
Are things really this bad when it comes to information protection in the public sector? Well, yes and no. We recently completed a study of how public sector bodies across the UK manage their information. The findings reveal that one in four (23 percent) public sector organizations aren’t confident in their approach and recognize they are putting data at risk. Six in every ten (61 percent) say poor information handling has resulted in important documents being lost internally, and 40 percent have suffered an external data breach.
When Sony Pictures was hacked last year, one of the primary concerns for the company was the leaking of a number of unreleased movies. But in the UK, there were other consequences, including the daytime broadcast of the movie The Verdict complete with a smattering of four-letter expletives.
Sony Pictures Entertainment's subsidiary company Media Mix Limited owns the TV station Movie Mix, and on 14 December the channel broadcast an edit of the movie peppered with f-bombs. In the middle of the afternoon. The channel's excuse? That the "safe for daytime" broadcast version of the movie had been deleted by hackers.
The humble PIN is a common way to secure access to accounts, but it has one major problem -- it is, usually, limited to using the digits 0-9. A UK firm thinks it may have come up with a better solution: emoji-based PINs.
Intelligent Environments' Emoji Passcode system can be used to secure accounts with ideograms. The company argues that Emoji passcodes are not only easier to remember than number-based alternatives, but also more secure. This is thanks to the fact that there is a pool of 44 Emoji to choose from, and research also suggests people find it easier to remember images.
UK secret services say that the encrypted files Edward Snowden held from his time working at the NSA have been accessed by intelligence agencies in China and Russia. The Sunday Times reports that the top secret files have been hacked, meaning that British and American spies could be identified and located.
Wanted by US authorities, Snowden has been in hiding for some time now. It is believed that the time he spent seeking refuge in Hong Kong and Moscow may have given security officials the opportunity to access the data he held. Although the data was protected, it is thought that the encryption was hacked, and US and UK intelligence services have been "forced to intervene and lift their agents from operations to prevent them from being identified and killed".
There is a movement calling for the encryption of all web traffic. The cause of this could be laid at Edward Snowden's door, but there's no getting away from the fact that in recent years there is an increased interest in security and privacy. To this end, Wikimedia has announced that it is now using HTTPS to encrypt all of its traffic -- including that to Wikipedia.
We've already seen the US government embrace HTTPS, and companies like Google and Facebook are making it easier to control privacy settings. Apple has hit out at companies that fail to do enough to protect users' privacy, and Wikimedia is taking the extra step of also implementing HSTS, just days after Microsoft announced that this would be supported by Internet Explorer 11 under Windows 7 and 8.1.
Uber, the San Francisco-based private taxi firm, is putting its passengers in grave danger. The company uses a computerized driver sign-up system that can be easily fooled into authorizing drivers with fake insurance papers. The transport network exploded onto the scene a few years ago, and a whistleblower claims that it is all too easy to cheat the system, making it possible for virtually anyone to sign up to be an Uber driver.
The vulnerability was found to have been exploited in London, where there are around 15,000 Uber drivers in operation. The scam has been demonstrated by The Guardian, which worked with a whistleblower to fraudulently sign up as a driver. It was achieved using fabricated insurance papers from a made-up company with a fake letterhead.
Bounty hunters can make a killing if they uncover security problems with software. There are lots of companies who will pay out in cold, hard cash to anyone who manages to unearth security vulnerabilities, and Mozilla has announced that it is increasing its top level bounty.
The company is appealing to white hat hackers and security experts to help plug holes in its software, and it is willing to cough up for it. Mozilla's security program had already paid out $1.6 million over the years, and the Client Bug Bounty Program has just been updated so that the maximum payout is now $10,000.
Snapchat has bolted on some extra security to its Android and iOS apps in the form of two-factor authentication.
The Verge spotted that with the latest version of the Snapchat app, when you log on from a new device, the software will send a text to the mobile registered with your account containing a security number.
Reddit is both famous and infamous. It's a source of news, a platform for disseminating such delights as the pictures that came out of the Fappening, and home to the ever-interesting Ask Me Anything sessions. But like any social website, it also has problems. Like Facebook, Twitter, and other sites, there are issues with spam, trolling, and abuse. Reddit has a particular problem with sections that are dedicated to harassing and abusing groups of people.
Now the site is fighting back. It is taking a proactive approach and removing subreddits whose raisons d'être are the harassment of people. The cull initially sees the removal of five offending subreddits, but the Reddit team explains that only one with a sizeable userbase is affected -- r/fatpeoplehate.